业务传输速率的控制方法及装置、系统Method, device and system for controlling traffic transmission rate
技术领域Technical field
本发明涉及网络通信领域,具体而言,涉及一种业务传输速率的控制方法及装置、系统。The present invention relates to the field of network communications, and in particular to a method, device, and system for controlling a service transmission rate.
背景技术Background technique
如图1所示,企业出口处分布式部署多台业务网关设备,从因特网(Internet)进来的流量数据在出口路由器上通过等价路由负载分担到这多台业务网关(例如图1中的业务网关A、B、C)上。由于抗分布式拒绝服务(Distributed Denial of Service,简称为DDoS)攻击或带宽限制等需求,需要在业务网关上对到各个目的主机的业务传输速率(又称为流量)进行限制,确保进入内网的业务传输速率不会超过用户购买的带宽,以免对内网链路造成冲击。As shown in Figure 1, multiple service gateway devices are deployed in the enterprise's egress. Traffic data coming in from the Internet (Internet) is distributed to the multiple service gateways through the equal-cost routing load on the egress router (for example, the service in Figure 1). On gateways A, B, and C). Due to the requirements of the Distributed Denial of Service (DDoS) attack or the bandwidth limitation, you need to limit the service transmission rate (also called traffic) to each destination host on the service gateway to ensure access to the intranet. The service transmission rate will not exceed the bandwidth purchased by the user, so as to avoid impact on the intranet link.
但是对于这种分布式部署的场景,由于每台业务网关独立进行限流(即对业务传输速率进行限制),所以需要考虑如何确保经过多台业务网关并行限流之后的总流量(即同一目的地址的总业务传输速率)符合预期的阈值。However, for this distributed deployment scenario, since each service gateway independently performs traffic limiting (that is, limits the service transmission rate), it is necessary to consider how to ensure the total traffic after parallel limiting of traffic through multiple service gateways (that is, the same purpose). The total service transmission rate of the address) meets the expected threshold.
但是针对上述的问题,目前尚未提出有效的解决方案。However, for the above problems, no effective solution has been proposed yet.
发明内容
Summary of the invention
本发明实施例提供了一种业务传输速率的控制方法及装置、系统,以至少解决分布式环境下尚无有效的保证经过多台业务网关的并行限流后的总流量符合预期的阈值的技术方案的技术问题。The embodiment of the invention provides a method, a device and a system for controlling a service transmission rate, so as to at least solve the technology that the total traffic after the parallel traffic limiting of multiple service gateways meets an expected threshold is not effective in a distributed environment. Technical issues of the program.
根据本发明实施例的一个方面,提供了一种业务传输速率的控制方法,包括:获取分布式环境中的业务网关组中各个业务网关上报的业务传输速率信息,其中,所述各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对所述业务数据的业务传输速率进行限制的网关;所述业务传输速率信息用于指示每个业务网关上针对所述目的地址的业务传输速率;对于所述业务网关组中的每个业务网关,判断所述业务传输速率信息所指示的业务传输速率是否大于与所述业务网关对应的所述限流阈值;在至少一个判断结果为是时,将为所述各个业务网关分配的所述限流阈值调整为指定值,得到指定阈值,其中,所述指定值满足以下条件:所述各个业务网关上所述指定值的总和不大于运营商为所述目的地址分配的带宽;将所述指定阈值下发给所述各个业务网关。According to an aspect of the present invention, a method for controlling a service transmission rate is provided, which includes: acquiring service transmission rate information reported by each service gateway in a service gateway group in a distributed environment, where each service gateway is a gateway that transmits service data to the same destination address in parallel, and limits a service transmission rate of the service data according to a respective current limit threshold; the service transmission rate information is used to indicate that the service address is for the destination address. a service transmission rate; determining, for each service gateway in the service gateway group, whether a service transmission rate indicated by the service transmission rate information is greater than the traffic restriction threshold corresponding to the service gateway; at least one determination result If yes, the current-limit thresholds that are allocated to the service gateways are adjusted to a specified value, and a specified threshold is obtained, where the specified value satisfies the following condition: the sum of the specified values on the respective service gateways is not Greater than the bandwidth allocated by the operator for the destination address; the specified threshold is sent to the location Various business gateway.
根据本发明实施例的另一方面,还提供了另一种业务传输速率的控制方法,包括:业务网关组中的各个业务网关接收指定阈值,其中,所述各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对所述业务数据的业务传输速率进行限制的网关,所述指定阈值通过以下方式确定:在所述业务网关组中任一业务网关上的所述业务传输速率大于与所述业务网关对应的限流阈值时,将为所述各个业务网关分配的所述限流阈值调整为指定值,得到所述指定阈值,其中,所述指定值满足以下条
件:所述各个业务网关上所述指定值的总和不大于运营商为所述目的地址分配的带宽;所述业务网关依据所述指定阈值对本地的所述业务数据传输速率进行限制。According to another aspect of the present invention, a method for controlling a service transmission rate is further provided, including: each service gateway in a service gateway group receives a specified threshold, wherein each service gateway is in parallel to the same destination address. a gateway that transmits service data and limits a service transmission rate of the service data according to a respective traffic restriction threshold, where the specified threshold is determined by: the service on any service gateway in the service gateway group And when the transmission rate is greater than the traffic limiting threshold corresponding to the service gateway, the current limiting threshold that is allocated to the service gateway is adjusted to a specified value, and the specified threshold is obtained, where the specified value meets the following
The sum of the specified values on the service gateways is not greater than the bandwidth allocated by the operator for the destination address; the service gateway limits the local service data transmission rate according to the specified threshold.
根据本发明实施例的另一方面,还提供了一种业务传输速率的控制装置,包括:获取模块,用于获取分布式环境中的业务网关组中各个业务网关上报的业务传输速率信息,其中,所述各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对所述业务数据的业务传输速率进行限制的网关;所述业务传输速率信息用于指示每个业务网关上针对所述目的地址的业务传输速率;判断模块,用于对于所述业务网关组中的每个业务网关,判断所述业务传输速率信息所指示的业务传输速率是否大于与所述业务网关对应的所述限流阈值;调整模块,用于在所述判断模块输出的至少一个判断结果为是时,将为所述各个业务网关分配的所述限流阈值调整为指定值,得到指定阈值,其中,所述指定值满足以下条件:所述各个业务网关上所述指定值的总和不大于运营商为所述目的地址分配的带宽;发送模块,用于将所述指定阈值下发给所述各个业务网关。According to another aspect of the present invention, a device for controlling a service transmission rate is further provided, comprising: an obtaining module, configured to acquire service transmission rate information reported by each service gateway in a service gateway group in a distributed environment, where The service transmission gateways are gateways that transmit service data to the same destination address in parallel and limit the service transmission rate of the service data according to respective traffic limiting thresholds; the service transmission rate information is used to indicate each service gateway. a service transmission rate for the destination address; a determining module, configured to determine, for each service gateway in the service gateway group, whether a service transmission rate indicated by the service transmission rate information is greater than a service gateway The current limiting threshold is configured to adjust, when the at least one determination result output by the determining module is YES, the current limiting threshold allocated to the service gateway to a specified value, to obtain a specified threshold, The specified value satisfies the following conditions: a total of the specified values on the respective service gateways Is not greater than the destination address for the operators assigned bandwidth; sending module, configured to send the specified lower threshold value of the respective service gateway.
根据本发明实施例的另一方面,还提供了另一种业务传输速率的控制装置,应用于业务网关组中的业务网关,其中,所述业务网关组中各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对所述业务数据的业务传输速率进行限制的网关,所述装置包括:接收模块,用于接收指定阈值,其中,所述指定阈值通过以下方式确定:在所述业务网关组中任一业务网关上的所述业务传输速率大于与所述业务网关对应
的限流阈值时,将为所述各个业务网关分配的所述限流阈值调整为指定值,得到所述指定阈值,其中,所述指定值满足以下条件:所述各个业务网关上所述指定值的总和不大于运营商为所述目的地址分配的带宽;限制模块,用于依据所述指定阈值对本地的所述业务数据传输速率进行限制。According to another aspect of the present invention, a control device for another service transmission rate is further provided, which is applied to a service gateway in a service gateway group, where each service gateway in the service gateway group is parallel to the same destination address. a gateway that transmits the service data and limits the service transmission rate of the service data according to the respective traffic limiting thresholds. The device includes: a receiving module, configured to receive a specified threshold, where the specified threshold is determined by: The service transmission rate on any service gateway in the service gateway group is greater than the service gateway
And the current-limit threshold that is allocated to the service gateways is adjusted to a specified value, and the specified threshold is obtained, where the specified value meets the following conditions: the specified on the service gateway The sum of the values is not greater than the bandwidth allocated by the operator for the destination address; and the limiting module is configured to limit the local service data transmission rate according to the specified threshold.
在本发明实施例中,采用在各个业务网关上报的针对同一目的地址的业务传输速率中存在大于限流阈值的业务传输速率时,对所述各个业务网关上用于限制所述目的地址的业务传输速率的阈值进行动态调整,以实现对目的地址的业务传输速率进行限制的目的,从而实现了保证经过多台业务网关并行限流之后的总流量(即同一目的地址的总业务传输速率)符合预期的阈值的技术效果,进而解决了分布式环境下尚无有效的保证经过多台业务网关的并行限流后的总流量符合预期的阈值的技术方案的技术问题。In the embodiment of the present invention, when the service transmission rate for the same destination address reported by each service gateway is greater than the traffic restriction threshold, the service for limiting the destination address is used on each service gateway. The threshold of the transmission rate is dynamically adjusted to limit the service transmission rate of the destination address, thereby ensuring that the total traffic (that is, the total service transmission rate of the same destination address) after parallel traffic limiting by multiple service gateways is met. The technical effect of the expected threshold further solves the technical problem of the technical solution that the total traffic after the parallel traffic limiting of multiple service gateways meets the expected threshold in the distributed environment.
附图说明DRAWINGS
此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The drawings described herein are intended to provide a further understanding of the invention, and are intended to be a part of the invention. In the drawing:
图1是根据相关技术的一种分布式网络环境的网络架构图;1 is a network architecture diagram of a distributed network environment according to the related art;
图2是本发明实施例的一种业务传输速率的控制方法的计算机终端的硬件结构框图;2 is a block diagram showing the hardware structure of a computer terminal for controlling a service transmission rate according to an embodiment of the present invention;
图3是根据本发明实施例1的业务传输速率的控制方法的流程图;
3 is a flowchart of a method of controlling a service transmission rate according to Embodiment 1 of the present invention;
图4是根据本发明实施例的一种可选的基于集中式控制方案的业务传输速率的控制方法的流程示意图;4 is a schematic flow chart of an optional method for controlling a service transmission rate based on a centralized control scheme according to an embodiment of the present invention;
图5是根据本发明实施例的一种可选的基于集中式控制方案的业务传输速率的控制流程示意图;FIG. 5 is a schematic diagram of a control flow of an optional service transmission rate based on a centralized control scheme according to an embodiment of the present invention; FIG.
图6为根据本发明实施例的一种可选的基于集中式控制方案中业务网关(SGW)上的控制面处理流程示意图;6 is a schematic diagram of a control plane processing process on a service gateway (SGW) in an optional centralized control scheme according to an embodiment of the present invention;
图7为根据本发明实施例的一种可选的基于集中式控制方案中SGW上的数据面处理流程示意图;7 is a schematic diagram of a data plane processing process on an SGW in an optional centralized control scheme according to an embodiment of the present invention;
图8是根据本发明实施例的一种可选的基于分布式控制方案的业务传输速率的控制流程示意图;8 is a schematic diagram of a control flow of an optional service transmission rate based on a distributed control scheme according to an embodiment of the present invention;
图9为根据本发明实施例的一种可选的基于分布式控制方案中SGW上的控制面处理流程示意图;9 is a schematic diagram of a control plane processing process on an SGW in an optional distributed control scheme according to an embodiment of the present invention;
图10为根据本发明实施例的一种可选的基于分布式控制方案中SGW上的数据面处理流程示意图;10 is a schematic diagram of a data plane processing process on an SGW in an optional distributed control scheme according to an embodiment of the present invention;
图11是根据本发明实施例的一种可选的业务传输速率的控制装置的结构示意图;11 is a schematic structural diagram of an apparatus for controlling an optional service transmission rate according to an embodiment of the present invention;
图12是根据本发明实施例的一种可选的业务传输速率的控制装置的另一结构示意图;FIG. 12 is another schematic structural diagram of an apparatus for controlling an optional service transmission rate according to an embodiment of the present invention; FIG.
图13是根据本发明实施例的另一种可选的业务传输速率的控制方法
的流程示意图;FIG. 13 is a diagram of another optional method for controlling a service transmission rate according to an embodiment of the present invention.
Schematic diagram of the process;
图14是根据本发明实施例的另一种可选的业务传输速率的控制装置的结构示意图;FIG. 14 is a schematic structural diagram of another optional control device for a service transmission rate according to an embodiment of the present invention; FIG.
图15是根据本发明实施例的一种可选的业务传输速率的控制系统的结构示意图;15 is a schematic structural diagram of an optional service transmission rate control system according to an embodiment of the present invention;
图16是根据本发明实施例的一种计算机终端的结构框图。FIG. 16 is a structural block diagram of a computer terminal according to an embodiment of the present invention.
具体实施方式detailed description
为了使本技术领域的人员更好地理解本发明方案,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分的实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is an embodiment of the invention, but not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts shall fall within the scope of the present invention.
需要说明的是,本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的本发明的实施例能够以除了在这里图示或描述的那些以外的顺序实施。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出
的或对于这些过程、方法、产品或设备固有的其它步骤或单元。It is to be understood that the terms "first", "second" and the like in the specification and claims of the present invention are used to distinguish similar objects, and are not necessarily used to describe a particular order or order. It is to be understood that the data so used may be interchanged where appropriate, so that the embodiments of the invention described herein can be implemented in a sequence other than those illustrated or described herein. In addition, the terms "comprises" and "comprises" and "the" and "the" are intended to cover a non-exclusive inclusion, for example, a process, method, system, product, or device that comprises a series of steps or units is not necessarily limited to Those steps or units, but may include not clearly listed
Or other steps or units inherent to these processes, methods, products or equipment.
针对分布式部署场景中,如何确保经过多台业务网关并行限流之后的总流量(即同一目的地址的总业务传输速率)符合预期的阈值的技术问题,相关技术中提供了两种解决方案:In the distributed deployment scenario, how to ensure that the total traffic after the parallel traffic limiting of multiple service gateways (that is, the total service transmission rate of the same destination address) meets the expected threshold, two solutions are provided in the related technologies:
1、在出口路由器上选择合适的哈希算法,使流量尽可能均匀分配到每台业务网关上,然后给每台业务网关配置均分之后的限流阈值;1. Select an appropriate hash algorithm on the egress router to distribute the traffic to each service gateway as evenly as possible, and then configure a traffic limiting threshold after each equalization for each service gateway.
2、在出口路由器上选择基于目的IP的哈希算法,使到达同一个目的IP的流量都只经过同一台业务网关处理,然后在相应的业务网关上配置实际的限流阈值;2. Selecting a hash algorithm based on the destination IP address on the egress router, so that the traffic that reaches the same destination IP address is processed by the same service gateway only, and then the actual traffic limiting threshold is configured on the corresponding service gateway.
但是,方案1和方案2均存在一定的缺陷:However, both Scheme 1 and Option 2 have certain drawbacks:
对于方案1:该方案依赖路由器所能支持的负载分担算法,只有路由器支持逐包负载分担并且配置此算法之后,才能比较均匀的将流量分配每个业务上。但是逐包负载分担容易造成报文的乱序,占用服务器端的处理性能,另外如果业务网关上需要建立流表监控连接状态,则不能使用逐包负载分担。而逐流负载分担无法保证将流量均匀的分配到每台业务网关上,这样,如果某个业务网关上流入的流量小于均分之后的限流阈值,就会导致限速之后的总流量小于预期的限流阈值。For the scheme 1: the scheme relies on the load sharing algorithm that the router can support. Only after the router supports the packet-by-packet load balancing and the algorithm is configured, the traffic can be uniformly allocated to each service. However, packet-by-packet load balancing is easy to cause packet out-of-order, which occupies the processing performance of the server. In addition, if the traffic table needs to establish a flow table to monitor the connection status, packet-by-packet load balancing cannot be used. The traffic-based load balancing cannot guarantee that traffic is evenly distributed to each service gateway. Therefore, if the traffic flowing in a service gateway is less than the current-limit threshold after the equalization, the total traffic after the speed limit is smaller than expected. Current limit threshold.
对于方案2:该方案需要将相同的目的IP的流量分配到相同的业务网关上进行处理,这就导致当某个目的IP流量比较大时,容易消耗掉对应的业务网关的处理性能,进而影响到这台业务网关上其它目的IP的流量。
For solution 2, the solution needs to allocate the traffic of the same destination IP to the same service gateway for processing. This causes the processing performance of the corresponding service gateway to be easily consumed when a certain destination IP traffic is relatively large. Traffic to other destination IPs on this service gateway.
针对上述问题,本发明实施例提供了一种不需要特定的负载分担方式的情况下实现业务传输速率的控制的技术方案,以下结合具体实施例详细说明。For the above problem, the embodiment of the present invention provides a technical solution for implementing control of a service transmission rate without requiring a specific load sharing mode, which is described in detail below in conjunction with specific embodiments.
实施例1Example 1
根据本发明实施例,提供了一种业务传输速率的控制方法的方法实施例,需要说明的是,在附图的流程图示出的步骤可以在诸如一组计算机可执行指令的计算机系统中执行,并且,虽然在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤。According to an embodiment of the present invention, a method embodiment of a method for controlling a service transmission rate is provided. It is to be noted that the steps shown in the flowchart of the accompanying drawings may be executed in a computer system such as a set of computer executable instructions. And, although the logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in a different order than the ones described herein.
本申请实施例1所提供的方法实施例可以在移动终端、计算机终端或者类似的运算装置中执行。以运行在计算机终端上为例,图2是本发明实施例的一种业务传输速率的控制方法的计算机终端的硬件结构框图。如图2所示,计算机终端20可以包括一个或多个(图中仅示出一个)处理器202(处理器202可以包括但不限于微处理器MCU或可编程逻辑器件FPGA等的处理装置)、用于存储数据的存储器204、以及用于通信功能的传输模块206。本领域普通技术人员可以理解,图2所示的结构仅为示意,其并不对上述电子装置的结构造成限定。例如,计算机终端20还可包括比图2中所示更多或者更少的组件,或者具有与图2所示不同的配置。The method embodiment provided by Embodiment 1 of the present application can be executed in a mobile terminal, a computer terminal or the like. Taking a computer terminal as an example, FIG. 2 is a hardware structural block diagram of a computer terminal for controlling a service transmission rate according to an embodiment of the present invention. As shown in FIG. 2, computer terminal 20 may include one or more (only one shown) processor 202 (processor 202 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA). A memory 204 for storing data, and a transmission module 206 for communication functions. It will be understood by those skilled in the art that the structure shown in FIG. 2 is merely illustrative and does not limit the structure of the above electronic device. For example, computer terminal 20 may also include more or fewer components than those shown in FIG. 2, or have a different configuration than that shown in FIG. 2.
存储器204可用于存储应用软件的软件程序以及模块,如本发明实施例中的业务传输速率的控制方法对应的程序指令/模块,处理器202通过运行存储在存储器204内的软件程序以及模块,从而执行各种功能应用以及数据处理,即实现上述的应用程序的漏洞检测方法。存储器204可包括高
速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器204可进一步包括相对于处理器202远程设置的存储器,这些远程存储器可以通过网络连接至计算机终端20。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。The memory 204 can be used to store software programs and modules of the application software, such as program instructions/modules corresponding to the control method of the service transmission rate in the embodiment of the present invention, and the processor 202 runs the software program and the module stored in the memory 204, thereby Perform various functional applications and data processing, that is, implement the vulnerability detection method of the above application. Memory 204 can include high
The fast random access memory may also include non-volatile memory such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory. In some examples, memory 204 can further include memory remotely located relative to processor 202, which can be connected to computer terminal 20 over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
传输模块206用于经由一个网络接收或者发送数据。上述的网络具体实例可包括计算机终端20的通信供应商提供的无线网络。在一个实例中,传输模块206包括一个网络适配器(Network Interface Controller,NIC),其可通过基站与其他网络设备相连从而可与互联网进行通讯。在一个实例中,传输模块206可以为射频(Radio Frequency,RF)模块,其用于通过无线方式与互联网进行通讯。The transmission module 206 is configured to receive or transmit data via a network. The network specific examples described above may include a wireless network provided by a communication provider of the computer terminal 20. In one example, the transmission module 206 includes a Network Interface Controller (NIC) that can be connected to other network devices through a base station to communicate with the Internet. In one example, the transmission module 206 can be a Radio Frequency (RF) module for communicating with the Internet wirelessly.
在上述运行环境下,本申请提供了如图3所示的业务传输速率的控制方法。图3是根据本发明实施例1的业务传输速率的控制方法的流程图。如图3所示,该方法包括步骤S302-S308:In the above operating environment, the present application provides a method for controlling the service transmission rate as shown in FIG. 3 is a flow chart showing a method of controlling a service transmission rate according to Embodiment 1 of the present invention. As shown in FIG. 3, the method includes steps S302-S308:
步骤S302,获取分布式环境中的业务网关组中各个业务网关上报的业务传输速率信息,其中,上述各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对业务数据的业务传输速率进行限制的网关;业务传输速率信息用于指示每个业务网关上针对目的地址的业务传输速率;Step S302: Obtain service transmission rate information reported by each service gateway in the service gateway group in the distributed environment, where each service gateway transmits service data in parallel to the same destination address, and performs service data according to respective current limit thresholds. a gateway whose service transmission rate is limited; the service transmission rate information is used to indicate a service transmission rate for a destination address on each service gateway;
在一个可选实施例中,对于同一目的地址的业务传输速率可以表现为:用于对该目的地址的业务数据进行分流传输的各个业务网关上的速率之
和,例如网关组中为同一目的地址的业务数据进行分流传输的业务网关数量为5,这5个业务网关上针对上述目的地址的业务传输速率分别为:10k/s、20k/s、40k/s、50k/s、70k/s,则对于该目的地址而言,该目的地址的业务传输速率应为:(10+20+40+50+70)k/s,即190k/s。In an optional embodiment, the service transmission rate for the same destination address may be expressed as: a rate on each service gateway used for offloading the service data of the destination address.
And, for example, the number of service gateways for the service data of the same destination address in the gateway group is 5, and the service transmission rates for the destination addresses on the five service gateways are: 10 k/s, 20 k/s, 40 k/ s, 50k/s, 70k/s, for the destination address, the service transmission rate of the destination address should be: (10+20+40+50+70) k/s, ie 190k/s.
可选地,该步骤获取上述业务传输速率信息的方式有多种,例如在采用集中式控制方案时,可以通过一个集中式控制设备(即控制中心)接收业务网关组中各个业务网关上报的上述业务传输速率信息;在采用分布式控制方案时,可以由上述业务网关组中按照预设规则(例如采用哈希算法)选择的一个业务网关接收上述业务传输速率信息。Optionally, the step of obtaining the service transmission rate information in the service gateway group may be performed by using a centralized control device (ie, a control center) to receive the foregoing information reported by each service gateway in the service gateway group. The service transmission rate information may be received by a service gateway selected by the foregoing service gateway group according to a preset rule (for example, using a hash algorithm).
需要说明的是,本发明实施例中业务网关组中的各个业务网关是可以同时接收来自多个目的地址的业务数据的,本发明实施例为描述方便,可以仅考虑针对同一目的地址的业务数据的业务传输速率,但是,并不限于本发明实施例中所示实现方式。It should be noted that, in the embodiment of the present invention, each service gateway in the service gateway group can receive the service data from multiple destination addresses at the same time. The embodiment of the present invention is convenient for description, and only the service data for the same destination address can be considered. The service transmission rate, however, is not limited to the implementation shown in the embodiment of the present invention.
在一个可选实施例中,上述业务传输速率信息可以表现为表示业务传输速率大小的值,还可以表现为一个指示信息,该指示信息用于指示上述业务传输速率,例如利用在本地存储的映射关系表(该映射关系表存储有所述指示信息与业务传输速率的对应关系)来得到上述业务传输速率。In an optional embodiment, the service transmission rate information may be expressed as a value indicating a size of the service transmission rate, and may also be expressed as an indication information, where the indication information is used to indicate the foregoing service transmission rate, for example, using a locally stored mapping. The relationship table (the mapping relationship table stores the correspondence between the indication information and the service transmission rate) to obtain the foregoing service transmission rate.
需要说明的是,业务网关组是由分布式环境中的业务网关组成,可以是对同一目的IP的业务数据进行分流的业务网关,即用于分担同一目的地址的流量(此处可以表现为业务数据)的业务网关。
It should be noted that the service gateway group is composed of a service gateway in a distributed environment, and may be a service gateway that performs traffic distribution on the same destination IP address, that is, traffic used to share the same destination address (here, it may be represented as a service). Data) of the service gateway.
步骤S304,对于业务网关组中的每个业务网关,判断业务传输速率信息所指示的业务传输速率是否大于与业务网关对应的限流阈值;Step S304, determining, for each service gateway in the service gateway group, whether the service transmission rate indicated by the service transmission rate information is greater than a traffic limiting threshold corresponding to the service gateway;
可选地,上述限流阈值可以是预先设置的,也可以是由上述各个业务网关预先分配的,对于后者,可以表现为以下实现形式:在获取分布式环境中业务网关组上报的业务传输速率信息之前,为业务网关组中各个业务网关分配上述限流阈值,其中,为各个业务网关分配的限流阈值是相同的。Optionally, the foregoing traffic limiting threshold may be preset or may be pre-allocated by the foregoing service gateways. For the latter, the following implementation manner may be implemented: the service transmission reported by the service gateway group in the acquired distributed environment. Before the rate information, the traffic limiting threshold is allocated to each service gateway in the service gateway group, where the traffic limiting thresholds allocated for each service gateway are the same.
步骤S306,在至少一个判断结果为是时,将为各个业务网关分配的限流阈值调整为指定值,得到指定阈值,其中,指定值满足以下条件:各个业务网关上指定值的总和不大于运营商为目的地址分配的带宽;这样,由于指定阈值的总和不大于运营商为目的地址分配的带宽,因此,可以保证目的地址的业务传输速率不会超过上述带宽。事实上,为各个网关分配的限流阈值的总和一般是根据运营商为目的地址分配的带宽确定的,即限流阈值的总和不大于上述带宽。In step S306, when the at least one determination result is YES, the current-limit threshold allocated to each service gateway is adjusted to a specified value, and a specified threshold is obtained, where the specified value satisfies the following condition: the sum of the specified values on each service gateway is not greater than the operation. The quotient is the bandwidth allocated by the destination address; thus, since the sum of the specified thresholds is not greater than the bandwidth allocated by the operator for the destination address, it can be ensured that the service transmission rate of the destination address does not exceed the above bandwidth. In fact, the sum of the current-limit thresholds assigned to the respective gateways is generally determined according to the bandwidth allocated by the operator for the destination address, that is, the sum of the traffic-limit thresholds is not greater than the foregoing bandwidth.
在一个可选实施例中,指定阈值可以按照以下处理过程确定:获取每个业务网关上的业务传输速率在总业务传输速率中的占比,其中,该总业务传输速率为业务网关组中所有业务网关上针对目的地址的传输速率进行取和运算得到;按照占比与带宽确定为业务网关组中各个业务网关重新分配的指定阈值。具体地,上述实现过程的原理可以用以下公式表示:In an optional embodiment, the specified threshold may be determined according to the following process: obtaining the proportion of the service transmission rate on each service gateway in the total service transmission rate, where the total service transmission rate is all in the service gateway group. The service gateway performs a summation operation on the transmission rate of the destination address; the specified threshold is reassigned to each service gateway in the service gateway group according to the ratio and the bandwidth. Specifically, the principle of the above implementation process can be expressed by the following formula:
Th=(x/S)*B,其中,Th为指定阈值,x表示业务网关组中每个业务网关上的业务传输速率,S表示总业务传输速率,B为常数,与运营商为上述目的地址分配的带宽相等,也可以表现为业务网关组中各个业务网关上
针对上述目的地址的限流阈值的总和。Th=(x/S)*B, where Th is the specified threshold, x is the service transmission rate on each service gateway in the service gateway group, S is the total service transmission rate, B is a constant, and the operator is the above purpose. The bandwidth allocated by the address is equal, and can also be expressed as each service gateway in the service gateway group.
The sum of the current-limit thresholds for the above destination addresses.
另外,从上述内容也可以看出,限流阈值和指定阈值并不是针对一个设备而言的,而是针对上述业务网关组中与目的地址对应的所有业务网关而言的,即限流阈值和指定阈值均可以理解为一组阈值或一种类型的阈值。In addition, it can be seen from the foregoing that the traffic limiting threshold and the specified threshold are not for one device, but for all service gateways corresponding to the destination address in the service gateway group, that is, the traffic limiting threshold and A given threshold can be understood as a set of thresholds or a type of threshold.
步骤S308,将指定阈值下发给上述业务网关组中的各个业务网关,这样,业务网关便可以根据指定阈值对针对上述目的地址的业务传输速率进行限制,从而实现限流。In step S308, the specified threshold is sent to each service gateway in the service gateway group, so that the service gateway can limit the service transmission rate for the destination address according to the specified threshold, thereby implementing traffic limiting.
在一个可选实施例中,业务网关可以为真实的业务网关设备,或者,分布式设备中可以进行独立作业的业务单元,对于后者,可以表现为具有多个独立CPU的设备,或者具有多个线卡的线卡插入式设备。另外,业务网关可以同时支持对多个目的地址的业务传输速率的限制。In an optional embodiment, the service gateway may be a real service gateway device, or a service unit in the distributed device that can perform independent operations, and for the latter, it may be represented as a device with multiple independent CPUs, or Line card plug-in device for line cards. In addition, the service gateway can simultaneously limit the service transmission rate of multiple destination addresses.
需要说明的是,本发明实施例中的目的地址可以表现为IP地址,或者用于指示IP地址的标识等,但不限于此。It should be noted that the destination address in the embodiment of the present invention may be represented by an IP address, or an identifier for indicating an IP address, and the like, but is not limited thereto.
正如上面,步骤S302可以通过集中式控制方案和分布式控制方案实现,而事实上,本发明实施例中提供的业务传输速率的控制方法也是可以应用于分布式环境中的集中式控制设备或者业务网关组中的指定业务网关中的,其中,集中式控制设备为分布式环境中除业务网关组中的业务网关之外的设备。As above, step S302 can be implemented by a centralized control scheme and a distributed control scheme. In fact, the control method of the service transmission rate provided in the embodiment of the present invention is also applicable to a centralized control device or service in a distributed environment. Among the specified service gateways in the gateway group, where the centralized control device is a device other than the service gateway in the service gateway group in the distributed environment.
对于集中式控制设备,可以为在分布式环境中新增加的一类设备,也可以是可以实现集中式控制的其它设备,此处并不作限定。对于指定业务
网关通过以下方式确定:对所述目的地址进行哈希运算,得到与所述目的地址对应的哈希值;从所述业务网关组中选择与所述哈希值对应的业务网关作为所述指定业务网关。For a centralized control device, it may be a newly added type of device in a distributed environment, or may be another device that can implement centralized control, which is not limited herein. For a given business
The gateway determines, by performing a hash operation on the destination address, obtaining a hash value corresponding to the destination address, and selecting, from the service gateway group, a service gateway corresponding to the hash value as the specified Service gateway.
其中,哈希算法是把任意长度的输入(又叫做预映射,pre-image),通过散列算法,变换成固定长度的输出,该输出就是散列值。这种转换是一种压缩映射,也就是,散列值的空间通常远小于输入的空间,不同的输入可能会散列成相同的输出。The hash algorithm converts an input of arbitrary length (also called pre-map) into a fixed-length output through a hashing algorithm, and the output is a hash value. This conversion is a compression map, that is, the space of the hash value is usually much smaller than the input space, and different inputs may be hashed to the same output.
在一个可选实施例中,上述选择过程可以采用以下方式实现:In an alternative embodiment, the above selection process can be implemented in the following manner:
通过一定hash算法f(key)将不同目的IP的流量(即业务传输速率)计算分摊到这几个业务网关上,算法函数中的key即输入参数在这里为目的IP地址。例如共有4个业务网关,则可以采用折叠法的hash算法,将32bit的目的IP地址转换成2bit的hash值,hash值为0的目的IP则将其流量数据送给业务网关A,hash值为1的目的IP则将其流量数据送给业务网关B,hash值为2的目的IP则将其流量数据送给业务网关C,hash值为3的目的IP则将其流量数据送给业务网关D。The traffic of different destination IPs (that is, the service transmission rate) is allocated to the service gateways through a certain hash algorithm f(key). The key in the algorithm function is the destination IP address here. For example, if there are four service gateways, the hash algorithm can be used to convert the 32-bit destination IP address into a 2-bit hash value. The destination IP address with the hash value of 0 sends its traffic data to service gateway A. The hash value is The destination IP of 1 sends its traffic data to service gateway B. The destination IP with hash value of 2 sends its traffic data to service gateway C. The destination IP with hash value of 3 sends its traffic data to service gateway D. .
需要说明的是,上述两种控制方案仅是控制逻辑不同,即一种是集中式控制,一种是分布式控制,但是,这两种控制方式的主要设计思想是相同的,即根据每台业务网关上的流量大小(即业务传输速率)动态调整其对应的限流阈值(即对业务传输速率进行限制的阈值)。以下针对上述两种控制方案,结合具体实施例详细说明。
It should be noted that the above two control schemes are only different control logics, that is, one is centralized control and the other is distributed control. However, the main design ideas of the two control modes are the same, that is, according to each The traffic size on the service gateway (that is, the service transmission rate) dynamically adjusts its corresponding traffic limiting threshold (that is, the threshold for limiting the traffic transmission rate). The following two control schemes are described in detail in conjunction with specific embodiments.
方案1,集中式控制方案Option 1, centralized control scheme
该控制方案中,数据收集、阈值的实时计算及其下发都在一台集中式的控制中心(即集中式控制设备)上实现。每台业务网关定时向控制设备上报每个目的IP的流量大小(即业务传输速率的大小),如图4所示,该控制方案的具体实现过程如下:In the control scheme, data collection, real-time calculation of thresholds, and delivery thereof are implemented on a centralized control center (ie, centralized control device). Each service gateway periodically reports the traffic size of each destination IP (that is, the size of the service transmission rate) to the control device. As shown in Figure 4, the specific implementation process of the control scheme is as follows:
S402:初始时,控制中心根据业务网关(SGW)的个数将每个目的IP的实际限流阈值(相当于上述实施例中所述的限流阈值的总和B,一般与运营商为上述目的地址分配的带宽相等)均分为Limit_Threshold/N,然后向每个SGW下发目的IP地址均分之后的限流阈值(即图3所示实施例中的限流阈值),其中,N表示SGW的个数,为正整数;S402: Initially, the control center sets an actual current limit threshold of each destination IP according to the number of service gateways (SGWs) (corresponding to the sum B of the current limiting thresholds in the foregoing embodiments, generally with the operator for the above purpose) The bandwidth of the address allocation is equal, and is divided into Limit_Threshold/N, and then the traffic limiting threshold after the destination IP address is evenly distributed (that is, the current limiting threshold in the embodiment shown in FIG. 3) is sent to each SGW, where N represents the SGW. The number is a positive integer;
S404:每个SGW对目的IP地址的业务传输速率(也可以为流量)进行实时统计,并定时向(比如5s)集中式控制设备上报针对目的IP地址的业务传输速率;S404: Each SGW performs real-time statistics on the service transmission rate (or the traffic) of the destination IP address, and periodically reports the service transmission rate to the destination IP address to the centralized control device (for example, 5s);
S406:集中式控制设备实时对流量信息进行分析和汇总,当发现某个SGW上某个目的IP地址的业务传输速率超过限流阈值之后,立即根据每个SGW上报上来的数据为每个SGW计算新的限流阈值(即指定阈值)。计算方法为:假定每个SGW上报上来某个目的IP的业务传输速率分别为DIP_SGW1_Rate,DIP_SGW2_Rate,DIP_SGWN_Rate,叠加得到该目的IP地址的总传输速率(DIP_Total_Rate),之后根据每个SGW上所承载的速率比例大小计算出指定阈值,例如SGW1上的指定阈值将是(DIP_SGW1_Rate/DIP_Total_Rate)*Limit_Threshold,并将每个SGW上
对应的指定阈值下发到相应的SGW上,其中,Limit_Threshold为上述目的IP地址的总阈值,可以为运营商为该目的IP地址分配的带宽,例如,该目的IP地址对应的用户订制的带宽为10M/S,此时总阈值Limit_Threshold为10M/S,并且,DIP_SGW1_Rate,DIP_SGW2_Rate······DIP_SGWN_Rate的总和不会超过10M/S;S406: The centralized control device analyzes and summarizes the traffic information in real time. After discovering that the service transmission rate of a destination IP address on a certain SGW exceeds the traffic limiting threshold, the data is reported for each SGW according to the data reported by each SGW. The new current limit threshold (that is, the specified threshold). The calculation method is as follows: the service transmission rate of each destination IP address reported by each SGW is DIP_SGW1_Rate, DIP_SGW2_Rate, DIP_SGWN_Rate, and the total transmission rate (DIP_Total_Rate) of the destination IP address is superimposed, and then according to the rate carried on each SGW. The proportional size calculates the specified threshold. For example, the specified threshold on SGW1 will be (DIP_SGW1_Rate/DIP_Total_Rate)*Limit_Threshold and will be on each SGW.
The corresponding specified threshold is sent to the corresponding SGW, where the Limit_Threshold is the total threshold of the destination IP address, and may be the bandwidth allocated by the operator for the destination IP address, for example, the user-defined bandwidth corresponding to the destination IP address. 10M/S, at this time, the total threshold Limit_Threshold is 10M/S, and the sum of DIP_SGW1_Rate, DIP_SGW2_Rate·····DIP_SGWN_Rate does not exceed 10M/S;
S408:下发指定阈值(DIP_SGWN_Rate/DIP_Total_Rate)*Limit_Threshold)以使SGW根据指定阈值进行限流(即对目的IP地址在该SGW上的业务传输速率进行限制)S408: The specified threshold (DIP_SGWN_Rate/DIP_Total_Rate)*Limit_Threshold is sent to enable the SGW to perform traffic limiting according to the specified threshold (that is, limit the service transmission rate of the destination IP address on the SGW)
S410:,重复步骤S402-S408,每个周期调整一次阈值,直至所有SGW上的业务传输速率均小于限流阈值(即SGW上输出的针对目的IP地址的总业务传输速率小于限流阈值)。S410: Steps S402-S408 are repeated, and the threshold is adjusted once every period until the service transmission rate on all SGWs is smaller than the traffic limiting threshold (that is, the total service transmission rate for the destination IP address output on the SGW is smaller than the traffic limiting threshold).
其中图4中的SGW表示业务网关或者分布式设备中独立作业的业务单元,ICS表示集中式控制系统,即控制设备。The SGW in FIG. 4 represents a service unit in a service gateway or a distributed device, and the ICS represents a centralized control system, that is, a control device.
其中,对于集中式控制设备的控制流程如图5所示,包括以下处理步骤:The control flow for the centralized control device is as shown in FIG. 5, and includes the following processing steps:
步骤S502,向业务网关组中的所有业务网关(SGW)下发初始限流阈值(即限流阈值);Step S502: The initial traffic limiting threshold (ie, the traffic limiting threshold) is sent to all service gateways (SGWs) in the service gateway group.
步骤S504,接收每个SGW上报的业务传输速率;Step S504, receiving a service transmission rate reported by each SGW;
步骤S506,对相同目的IP地址的业务传输速率进行汇总;Step S506, summarizing service transmission rates of the same destination IP address;
步骤S508,判断某个SGW上的业务传输速率是否大于对应的限流阈
值,如果是,转步骤S510,否则转步骤S504;Step S508, determining whether the service transmission rate on a certain SGW is greater than a corresponding current limiting threshold.
Value, if yes, go to step S510, otherwise go to step S504;
步骤S510,根据当前的业务传输速率在总业务传输速率(即定制带宽)中的比例,计算每个SGW针对目的IP地址的指定阈值;Step S510, calculating a specified threshold for each SGW for the destination IP address according to a ratio of the current service transmission rate in the total service transmission rate (ie, the customized bandwidth);
步骤S512,向每个SGW下发更新后的指定阈值。Step S512, the updated specified threshold is sent to each SGW.
其中,各个SGW上的控制面处理流程如图6所示,包括以下处理步骤:The control plane processing flow on each SGW is as shown in FIG. 6, and includes the following processing steps:
步骤S602,判断是否有消息输入,如果是,转步骤S604,否则等待;Step S602, determining whether there is a message input, and if yes, proceeding to step S604, otherwise waiting;
步骤S604,接收集中式控制设备下发的指定阈值;Step S604, receiving a specified threshold delivered by the centralized control device;
步骤S606,将针对目的IP地址的限流阈值更新为指定阈值。Step S606, updating the current limit threshold for the destination IP address to a specified threshold.
其中,各个SGW上的数据面处理流程如图7所示,包括以下处理步骤:The data plane processing flow on each SGW is as shown in FIG. 7, and includes the following processing steps:
步骤S702,接收报文;Step S702, receiving a message;
步骤S704,统计目的IP地址的业务传输速率(即流量);Step S704, the service transmission rate (ie, the traffic) of the destination IP address is counted;
步骤S706,判断业务传输速率是否超过限流阈值,如果是,则转步骤S708,否则转步骤S702;Step S706, it is determined whether the service transmission rate exceeds the current limit threshold, if yes, then go to step S708, otherwise go to step S702;
步骤S708,进行限流处理,即对业务传输速率进行限制;Step S708, performing a current limiting process, that is, limiting a service transmission rate;
步骤S710,发送流量日志;Step S710, sending a traffic log.
步骤S712,业务网关进行其他处理,转步骤S704,其中,此处其他
处理可以表现为数据转发等,例如在业务网关为防火墙设备时,该其他处理可以表现为网络地址转换(Network Address Translation,简称为NAT)、虚拟专用网络(Virtual Private Network,简称为VPN)访问。Step S712, the service gateway performs other processing, and proceeds to step S704, where other
The processing may be performed as data forwarding, for example, when the service gateway is a firewall device, the other processing may be represented by Network Address Translation (NAT) or Virtual Private Network (VPN) access.
方案2,分布式控制方案 Option 2, distributed control scheme
通过一定的哈希方式,将不同目的IP的数据收集、实时计算及阈值下发分布在不同的业务网关上实现,同时,确保同一个目的IP的阈值计算集中在一个业务网关上处理,其它业务网关上针对该目的IP的流量日志都统一上报到这台业务网关上。如图8所示,具体实现过程如下:Through a certain hashing method, data collection, real-time calculation, and threshold distribution of different destination IPs are distributed on different service gateways. At the same time, the threshold calculation of the same destination IP is centralized on one service gateway, and other services are processed. The traffic logs of the destination IP address are reported to the service gateway. As shown in Figure 8, the specific implementation process is as follows:
步骤S802:初始时,管理员向每个SGW配置为目的IP配置相同的限流阈值(即限流阈值),同时在每个SGW上创建相同的SGW组,并将所有SGW都加入到该SGW组;Step S802: Initially, the administrator configures each SGW to configure the same traffic limiting threshold (ie, the traffic limiting threshold) for the destination IP, and creates the same SGW group on each SGW, and adds all SGWs to the SGW. group;
步骤S804:每个SGW对目的IP的业务传输速率进行实时统计,并基于目的IP地址进行哈希运算,按照运算结果从SGW组中选择一个SGW处理该目的IP地址的阈值计算并定时向该SGW上报该目的IP地址的业务传输速率,例如每个SGW都将目的IP地址为IP-A的业务传输速率发送给SGW2(下面的步骤都以IP-A和SGW2为例进行阐述);Step S804: Each SGW performs real-time statistics on the service transmission rate of the destination IP, performs hash operation based on the destination IP address, selects an SGW from the SGW group to process the threshold calculation of the destination IP address according to the operation result, and periodically reports to the SGW. The service transmission rate of the destination IP address is reported. For example, each SGW sends the service transmission rate of the destination IP address to the IP-A to the SGW2 (the following steps are exemplified by IP-A and SGW2);
步骤S806:SGW2对IP-A的业务传输速率进行分析和汇总,当发现某个SGW上IP-A的业务传输速率超过限流阈值之后,立即根据每个SGW上报上来的数据为每个SGW计算新的限流阈值(即指定阈值)。计算方法为:假定每个SGW上报上来IP-A的业务传输速率分别为DIP_SGW1_Rate,
DIP_SGW2_Rate,DIP_SGWN_Rate,叠加得到IP-A的流量总值(用DIP_Total_Rate表示),之后根据每个SGW上所承载的流量比例大小(即业务传输速率在流量总值中的占比)计算出新的限流阈值。例如SGW1上的限流阈值将是(DIP_SGW1_Rate/DIP_Total_Rate)*Limit_Threshold,并将每个SGW上对应的新的限流阈值下发到相应的SGW上;Step S806: SGW2 analyzes and summarizes the service transmission rate of the IP-A. After discovering that the service transmission rate of the IP-A on a certain SGW exceeds the traffic limiting threshold, the SGW calculates the data reported by each SGW for each SGW. The new current limit threshold (that is, the specified threshold). The calculation method is as follows: it is assumed that the service transmission rate of each IP-A reported by each SGW is DIP_SGW1_Rate,
DIP_SGW2_Rate, DIP_SGWN_Rate, superimposed to get the total traffic value of IP-A (represented by DIP_Total_Rate), and then calculate the new limit according to the proportion of the traffic carried on each SGW (that is, the proportion of the service transmission rate in the total traffic value) Flow threshold. For example, the traffic limiting threshold on SGW1 will be (DIP_SGW1_Rate/DIP_Total_Rate)*Limit_Threshold, and the corresponding new traffic limiting threshold on each SGW is sent to the corresponding SGW;
步骤S808:重复步骤S804-S808,即每个周期均调整一次阈值,直至所有SGW上的业务传输速率均小于限流阈值(指定阈值)。Step S808: Steps S804-S808 are repeated, that is, the threshold is adjusted once every period until the service transmission rate on all SGWs is smaller than the current limit threshold (specified threshold).
其中,各个SGW上控制面处理流程如图9所示,包括以下步骤:The control plane processing flow on each SGW is as shown in FIG. 9 and includes the following steps:
步骤S902,接收每个SGW上报的业务传输速率信息;Step S902, receiving service transmission rate information reported by each SGW;
步骤S904,对相同目的IP地址的业务传输速率进行汇总;Step S904, summarizing service transmission rates of the same destination IP address;
步骤S906,判断是否某个SGW上的业务传输速率大于对应的限流阈值(即限流阈值),如果是,转步骤S908,否则,转步骤S902;Step S906, it is determined whether the service transmission rate on a certain SGW is greater than the corresponding current limit threshold (ie, the current limit threshold), if yes, go to step S908, otherwise, go to step S902;
步骤S908,根据当前的业务传输速率在总业务传输速率中的比例,计算每个SGW针对目的IP地址的指定阈值;Step S908: Calculate a specified threshold for each SGW for the destination IP address according to a ratio of the current service transmission rate in the total service transmission rate.
步骤S910,向每个SGW下发更新后的上述指定阈值。Step S910, the updated specified threshold is sent to each SGW.
其中,各个SGW上的数据面处理流程如图10所示,包括以下步骤:The data plane processing flow on each SGW is as shown in FIG. 10, and includes the following steps:
步骤S1002,接收报文;Step S1002, receiving a message;
步骤S1004,统计目的IP地址的业务传输速率(即流量);Step S1004, the service transmission rate (ie, traffic) of the destination IP address is counted;
步骤S1006,判断业务传输速率是否超过限流阈值,如果是,则转步
骤S1008,否则转步骤S1010;In step S1006, it is determined whether the service transmission rate exceeds the current limit threshold, and if so, the step is changed.
Step S1008, otherwise step S1010;
步骤S1008,进行限流处理,即对业务传输速率进行限制;Step S1008, performing a current limiting process, that is, limiting a service transmission rate;
步骤S1010,对目的IP地址进行哈希运算,获取哈希值;Step S1010: Perform a hash operation on the destination IP address to obtain a hash value.
步骤S1012,根据哈希值从SGW组中选择对应的SGW;Step S1012, selecting a corresponding SGW from the SGW group according to the hash value;
步骤S1014,将业务传输速率发送到选择的SGW;Step S1014, sending a service transmission rate to the selected SGW;
步骤S1016,业务网关进行其他处理。In step S1016, the service gateway performs other processing.
需要说明的是,对于前述的各方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本发明并不受所描述的动作顺序的限制,因为依据本发明,某些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作和模块并不一定是本发明所必须的。It should be noted that, for the foregoing method embodiments, for the sake of simple description, they are all expressed as a series of action combinations, but those skilled in the art should understand that the present invention is not limited by the described action sequence. Because certain steps may be performed in other sequences or concurrently in accordance with the present invention. In addition, those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到根据上述实施例的方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本发明各个实施例的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases, the former is A better implementation. Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, The optical disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods of various embodiments of the present invention.
实施例2
Example 2
根据本发明实施例,还提供了一种用于实施业务传输速率的控制方法的装置,该装置可以应用于计算机终端中,但是,该计算机终端完成的功能或结构不限于实施例1中的计算机终端中。例如,本实施例中的计算机终端可以表现为实施例1中的集中式控制设备或者SGW组中的指定业务网关,具体详见实施例1中的描述,此处不再赘述。如图11所示,该装置包括:According to an embodiment of the present invention, there is also provided an apparatus for implementing a control method of a service transmission rate, which may be applied to a computer terminal, but the function or structure completed by the computer terminal is not limited to the computer in Embodiment 1. In the terminal. For example, the computer terminal in this embodiment may be represented by the centralized control device in the first embodiment or the designated service gateway in the SGW group. For details, refer to the description in Embodiment 1, and details are not described herein again. As shown in Figure 11, the device includes:
获取模块110,用于获取分布式环境中的业务网关组中各个业务网关上报的业务传输速率信息,其中,各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对业务数据的业务传输速率进行限制的网关;业务传输速率信息用于指示每个业务网关上针对目的地址的业务传输速率;The obtaining module 110 is configured to obtain the service transmission rate information reported by each service gateway in the service gateway group in the distributed environment, where each service gateway transmits the service data in parallel to the same destination address, and performs the service according to the respective traffic limiting thresholds. a gateway for limiting the service transmission rate of data; the service transmission rate information is used to indicate a service transmission rate for the destination address on each service gateway;
判断模块112,连接至获取模块110,用于对于业务网关组中的每个业务网关,判断业务传输速率信息所指示的业务传输速率是否大于与业务网关对应的限流阈值;The determining module 112 is connected to the obtaining module 110, and is configured to determine, for each service gateway in the service gateway group, whether the service transmission rate indicated by the service transmission rate information is greater than a traffic limiting threshold corresponding to the service gateway;
调整模块114,连接至判断模块112,用于在判断模块112输出的至少一个判断结果为是时,将为各个业务网关分配的限流阈值调整为指定值,得到指定阈值,其中,指定值满足以下条件:各个业务网关上指定值的总和不大于运营商为目的地址分配的带宽;The adjustment module 114 is connected to the determining module 112, and is configured to adjust the current limiting threshold allocated to each service gateway to a specified value when the at least one determination result output by the determining module 112 is YES, to obtain a specified threshold, wherein the specified value is satisfied. The following conditions: The sum of the specified values on each service gateway is not greater than the bandwidth allocated by the carrier for the destination address;
发送模块116,连接至调整模块114,用于将指定阈值下发给上述各个业务网关。
The sending module 116 is connected to the adjusting module 114, and is configured to send the specified threshold to each of the foregoing service gateways.
通过上述各个模块实现的功能,同样可以实现对目的地址的业务传输速率进行限制的目的,从而保证经过多台业务网关并行限流之后的总流量(即同一目的地址的总业务传输速率)符合预期的阈值。The functions implemented by the above modules can also limit the service transmission rate of the destination address, so as to ensure that the total traffic after the parallel restriction of multiple service gateways (that is, the total service transmission rate of the same destination address) is in line with expectations. Threshold.
可选地,如图12所示,调整模块114可以包括以下处理单元:Optionally, as shown in FIG. 12, the adjustment module 114 may include the following processing unit:
获取单元1140,用于获取每个业务网关上的业务传输速率在总业务传输速率中的占比,其中,总业务传输速率为业务网关组中所有业务网关上针对目的地址的业务传输速率进行取和运算得到;确定单元1142,连接至获取单元1140,用于按照占比与带宽确定为业务网关组中各个业务网关重新分配的指定阈值。The obtaining unit 1140 is configured to obtain a proportion of the service transmission rate of each service gateway in the total service transmission rate, where the total service transmission rate is used for the service transmission rate of the destination address on all service gateways in the service gateway group. The operation unit 1142 is connected to the obtaining unit 1140, and is configured to determine, according to the ratio and the bandwidth, a specified threshold that is reassigned to each service gateway in the service gateway group.
需要说明的是,本实施例的可选实施例可以参照实施例1中业务传输速率的控制方法中的实施例,此处不再赘述。It should be noted that, in the optional embodiment of the present embodiment, reference may be made to the embodiment in the method for controlling the service transmission rate in Embodiment 1, and details are not described herein again.
另外,本实施例中所涉及的各个模块可以通过软件或硬件来实现,对于后者,可以表现为以下形式:上述各个模块均位于同一处理器中,或者,上述各个模块位于不同的处理器中;或者,上述各个模块以任意组合的形式位于多个处理器中,但不限于以上表现形式。In addition, each module involved in this embodiment may be implemented by software or hardware. For the latter, the following forms may be used: each of the above modules is located in the same processor, or each module is located in a different processor. Or, each of the above modules is located in a plurality of processors in any combination, but is not limited to the above expressions.
实施例3Example 3
本实施例在业务网关侧提供一种业务传输速率的控制方法,如图13所示,该方法包括:In this embodiment, a service transmission rate control method is provided on the service gateway side. As shown in FIG. 13, the method includes:
步骤S1302,业务网关组中的各个业务网关接收指定阈值,其中,各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值
对业务数据的业务传输速率进行限制的网关,指定阈值通过以下方式确定:Step S1302: Each service gateway in the service gateway group receives a specified threshold, where each service gateway transmits service data in parallel to the same destination address, and according to respective current limit thresholds.
For gateways that limit the service transmission rate of service data, the specified threshold is determined by:
在业务网关组中任一业务网关上的业务传输速率大于与业务网关对应的限流阈值时,将为各个业务网关分配的限流阈值调整为指定值,得到指定阈值,其中,指定值满足以下条件:各个业务网关上指定值的总和不大于运营商为目的地址分配的带宽;When the service transmission rate on any service gateway in the service gateway group is greater than the traffic restriction threshold corresponding to the service gateway, the traffic limiting threshold assigned to each service gateway is adjusted to a specified value, and the specified threshold is obtained. Condition: The sum of the specified values on each service gateway is not greater than the bandwidth allocated by the carrier for the destination address;
步骤S1304,业务网关依据指定阈值对本地的业务数据传输速率进行限制。Step S1304: The service gateway limits the local service data transmission rate according to the specified threshold.
在一个可选实施例中,指定阈值可以通过以下方式确定:Th=(x/S)*B,其中,Th为指定阈值,x表示业务网关组中每个业务网关上的业务传输速率,S表示总业务传输速率,其中,总业务传输速率为业务网关组中所有业务网关上针对目的地址的传输速率进行取和运算得到。In an optional embodiment, the specified threshold may be determined by: Th = (x / S) * B, where Th is a specified threshold, and x represents a service transmission rate on each service gateway in the service gateway group, S Indicates the total service transmission rate, where the total service transmission rate is obtained by summing the transmission rate of the destination address on all service gateways in the service gateway group.
可选地,本发明实施例提供的业务传输速率的控制方法可以通过一个控制中心或者业务网关组中的指定业务网关实现,例如,在业务网关组中的业务网关接收指定阈值之前,业务网关向分布式环境中的集中式控制设备或者业务网关组中的指定业务网关上报本地针对目的地址的业务传输速率。事实上,本实施例的上述处理过程体现了两种控制方案:集中式控制方案和分布式控制方案。关于这两种控制方案的具体实现方式可以参见实施例1中的描述,此处不再赘述。Optionally, the method for controlling the service transmission rate provided by the embodiment of the present invention may be implemented by using a designated service gateway in a control center or a service gateway group, for example, before the service gateway in the service gateway group receives the specified threshold, the service gateway The localized control device in the distributed environment or the specified service gateway in the service gateway group reports the local service transmission rate for the destination address. In fact, the above process of the present embodiment embodies two control schemes: a centralized control scheme and a distributed control scheme. For a specific implementation manner of the two control schemes, refer to the description in Embodiment 1, and details are not described herein again.
可选地,在业务网关组中的业务网关接收指定阈值之前,业务网关获取限流阈值,并对该业务网关配置该限流阈值,其中,业务网关接收的限
流阈值与业务网关组中的其它业务网关配置的限流阈值是相等的。需要说明的是,此处“获取”的含义包括但不限于:从第三方设备接收(例如集中式控制设备或其它业务网关等);本地配置(例如可以是由管理人员进行人工配置等)。Optionally, before the service gateway in the service gateway group receives the specified threshold, the service gateway obtains the traffic limiting threshold, and configures the traffic limiting threshold for the service gateway, where the service gateway receives the limit.
The flow threshold is equal to the traffic limiting threshold configured by other service gateways in the service gateway group. It should be noted that the meaning of “acquisition” herein includes, but is not limited to, receiving from a third-party device (for example, a centralized control device or other service gateway, etc.); local configuration (for example, may be manually configured by an administrator, etc.).
实施例4Example 4
本实施例提供一种业务传输速率的控制装置,用于实施实施例3中的业务传输速率的控制方法,该装置可以应用于业务网关组中的业务网关,其中,该业务网关组中的各个业务网关为针对同一目的地址的业务数据进行并行分流传输的网关;业务传输速率信息用于指示在业务网关上,针对目的地址的业务传输速率。如图14所示,该装置包括:The embodiment provides a control device for the service transmission rate, which is used to implement the method for controlling the service transmission rate in the embodiment 3. The device can be applied to the service gateway in the service gateway group, where each of the service gateway groups The service gateway is a gateway that performs parallel offload transmission for service data of the same destination address; the service transmission rate information is used to indicate a service transmission rate for the destination address on the service gateway. As shown in Figure 14, the device includes:
接收模块140,用于接收指定阈值;其中,该指定阈值通过以下方式确定:The receiving module 140 is configured to receive a specified threshold; wherein the specified threshold is determined by:
在业务网关组中任一业务网关上的业务传输速率大于与业务网关对应的限流阈值时,将为各个业务网关分配的限流阈值调整为指定值,得到指定阈值,其中,指定值满足以下条件:各个业务网关上指定值的总和不大于运营商为目的地址分配的带宽;When the service transmission rate on any service gateway in the service gateway group is greater than the traffic restriction threshold corresponding to the service gateway, the traffic limiting threshold assigned to each service gateway is adjusted to a specified value, and the specified threshold is obtained. Condition: The sum of the specified values on each service gateway is not greater than the bandwidth allocated by the carrier for the destination address;
限制模块142,连接至接收模块140,用于依据指定阈值对本地的上述业务数据传输速率进行限制。The limiting module 142 is coupled to the receiving module 140 for limiting the local service data transmission rate according to the specified threshold.
可选地,上述指定阈值可以通过以下方式确定:Th=(x/S)*B,其中,Th为指定阈值,x表示业务网关组中每个业务网关上的业务传输速率,S
表示总业务传输速率,总业务传输速率为业务网关组中所有业务网关上针对目的地址的传输速率进行取和运算得到。Optionally, the foregoing specified threshold may be determined by: Th=(x/S)*B, where Th is a specified threshold, and x represents a service transmission rate on each service gateway in the service gateway group, S
Indicates the total service transmission rate. The total service transmission rate is obtained by summing the transmission rate of the destination address on all service gateways in the service gateway group.
需要说明的是,本实施例的可选实施例可以参照实施例1和3中业务传输速率的控制方法中的实施例,此处不再赘述。It should be noted that, in the optional embodiment of this embodiment, reference may be made to the embodiment in the method for controlling the service transmission rate in Embodiments 1 and 3, and details are not described herein again.
另外,本实施例中所涉及的各个模块可以通过软件或硬件来实现,对于后者,可以表现为以下形式:接收模块140和限制模块142位于同一处理器中;或者,接收模块140和限制模块142分别位于第一处理器和第二处理器中。In addition, each module involved in this embodiment may be implemented by software or hardware. For the latter, the following forms may be adopted: the receiving module 140 and the limiting module 142 are located in the same processor; or, the receiving module 140 and the limiting module 142 are located in the first processor and the second processor, respectively.
实施例5Example 5
本实施例为集中式控制方案,即数据的收集汇总、阈值的计算下发等均在一台集中式控制设备上实现,本实施例提供了一种业务传输速率的控制系统,如图15所示,该控制系统包括:集中式控制设备150和业务网关组152,其中,This embodiment is a centralized control scheme, that is, data collection and aggregation, and threshold calculation and delivery are implemented on a centralized control device. This embodiment provides a control system for service transmission rate, as shown in FIG. The control system includes: a centralized control device 150 and a service gateway group 152, wherein
集中式控制设备150,用于接收业务网关组中的各个业务网关上报的业务传输速率信息,并在各个业务网关上的业务传输速率中存在大于限流阈值的业务传输速率时,将为各个业务网关分配的限流阈值调整为指定值,得到指定阈值;以及将指定阈值下发给各个业务网关;其中,各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对业务数据的业务传输速率进行限制的网关;业务传输速率信息用于指示每个业务网关上针对目的地址的业务传输速率;指定值满足以下条件:各个业务网
关上指定值的总和不大于运营商为目的地址分配的带宽;The centralized control device 150 is configured to receive the service transmission rate information reported by each service gateway in the service gateway group, and when there is a service transmission rate greater than the traffic restriction threshold in the service transmission rate of each service gateway, the service will be used for each service. The traffic limiting threshold of the gateway is adjusted to a specified value to obtain a specified threshold; and the specified threshold is sent to each service gateway; wherein each service gateway transmits the service data in parallel to the same destination address, and the service is performed according to the respective traffic limiting thresholds. The gateway for limiting the service transmission rate of the data; the service transmission rate information is used to indicate the service transmission rate for the destination address on each service gateway; the specified value satisfies the following conditions: each service network
The sum of the specified values is not greater than the bandwidth allocated by the carrier for the destination address;
业务网关组152中的各个业务网关,用于上报业务传输速率信息并根据接收的指定阈值对每个业务网关上针对目的IP地址的业务传输速率进行限制。Each service gateway in the service gateway group 152 is configured to report service transmission rate information and limit the service transmission rate for the destination IP address on each service gateway according to the received specified threshold.
需要说明的是,本实施例中的集中式控制设备和业务网关组的其他实现功能,可以参见实施例1-4中的相关描述,此处不再赘述。It should be noted that, for the other implementation functions of the centralized control device and the service gateway group in this embodiment, refer to the related description in Embodiment 1-4, and details are not described herein again.
实施例6Example 6
本实施例提供的方案为分布式控制方案,即通过预设规则(例如哈希运算规则),将不同目的地址的数据收集、实时计算及阈值下发等分布在不同的业务网关上实现,同时,确保同一个目的地址的阈值计算在一个业务网关上出来,其它业务网关上针对该目的地址的业务传输速率信息统一上报到该业务网关上。本发明实施例提供一种业务传输速率的控制系统,该系统包括:业务网关组,其中,The solution provided in this embodiment is a distributed control solution, that is, the data collection, the real-time calculation, and the threshold issuance of different destination addresses are distributed on different service gateways by using a preset rule (for example, a hash operation rule). To ensure that the threshold of the same destination address is calculated on a service gateway, and the service transmission rate information of the destination address is reported to the service gateway. An embodiment of the present invention provides a control system for a service transmission rate, where the system includes: a service gateway group, where
业务网关组中的指定业务网关,用于接收业务网关组中除指定业务网关之外的其他业务网关上报的业务传输速率信息;并在业务网关组中任一业务网关上的业务传输速率大于与业务网关对应的限流阈值时,将为各个业务网关分配的限流阈值调整为指定值,得到指定阈值;以及将指定阈值下发给其它业务网关;The specified service gateway in the service gateway group is configured to receive service transmission rate information reported by other service gateways in the service gateway group except the designated service gateway; and the service transmission rate on any service gateway in the service gateway group is greater than The traffic threshold corresponding to the service gateway is adjusted to a specified value for each service gateway, and the specified threshold is obtained; and the specified threshold is sent to other service gateways;
其中,各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对业务数据的业务传输速率进行限制的网关;业务传输速率
信息用于指示在业务网关上,针对目的地址的业务传输速率;指定值满足以下条件:各个业务网关上指定值的总和不大于运营商为目的地址分配的带宽。Each service gateway is a gateway that transmits service data in parallel to the same destination address, and limits the service transmission rate of the service data according to the respective traffic limiting thresholds; the service transmission rate
The information is used to indicate the service transmission rate for the destination address on the service gateway; the specified value satisfies the following condition: the sum of the specified values on each service gateway is not greater than the bandwidth allocated by the operator for the destination address.
可选地,指定业务网关为通过以下方式确定的业务网关:对目的地址的数据进行哈希运算,根据运算结果从业务网关组中选择出指定业务网关。Optionally, the service gateway is configured as a service gateway that is determined by: hashing data of the destination address, and selecting a specified service gateway from the service gateway group according to the operation result.
需要说明的是,本实施例中的集中式控制设备和业务网关组的其他实现功能,可以参见实施例1-4中的相关描述,此处不再赘述。It should be noted that, for the other implementation functions of the centralized control device and the service gateway group in this embodiment, refer to the related description in Embodiment 1-4, and details are not described herein again.
实施例7Example 7
本发明的实施例可以提供一种计算机终端,该计算机终端可以是计算机终端群中的任意一个计算机终端设备。可选地,在本实施例中,上述计算机终端也可以替换为移动终端等终端设备。Embodiments of the present invention may provide a computer terminal, which may be any one of computer terminal groups. Optionally, in this embodiment, the foregoing computer terminal may also be replaced with a terminal device such as a mobile terminal.
可选地,在本实施例中,上述计算机终端可以位于计算机网络的多个网络设备中的至少一个网络设备。Optionally, in this embodiment, the computer terminal may be located in at least one network device of the plurality of network devices of the computer network.
在本实施例中,上述计算机终端可以执行业务传输速率的控制方法中以下步骤的程序代码:获取分布式环境中的业务网关组中各个业务网关上报的业务传输速率信息,其中,各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对业务数据的业务传输速率进行限制的网关;业务传输速率信息用于指示每个业务网关上针对目的地址的业务传输速率;对于业务网关组中的每个业务网关,判断业务传输速率信息所指示的业务传输速率是否大于与业务网关对应的限流阈值;在至少一个判断
结果为是时,将为各个业务网关分配的限流阈值调整为指定值,得到指定阈值,其中,指定值满足以下条件:各个业务网关上指定值的总和不大于运营商为目的地址分配的带宽;将指定阈值下发给各个业务网关。In this embodiment, the computer terminal may execute the program code of the following steps in the method for controlling the service transmission rate: acquiring the service transmission rate information reported by each service gateway in the service gateway group in the distributed environment, where each service gateway is a gateway that transmits service data in parallel to the same destination address and limits the service transmission rate of the service data according to the respective traffic restriction thresholds; the service transmission rate information is used to indicate the service transmission rate for the destination address on each service gateway; Each service gateway in the gateway group determines whether the service transmission rate indicated by the service transmission rate information is greater than a traffic restriction threshold corresponding to the service gateway; at least one judgment
When the result is YES, the current-limit thresholds assigned to the service gateways are adjusted to the specified values, and the specified thresholds are obtained. The specified values meet the following conditions: the sum of the specified values on each service gateway is not greater than the bandwidth allocated by the carrier for the destination address. The specified threshold is sent to each service gateway.
可选地,图16是根据本发明实施例的一种计算机终端的结构框图。如图16所示,该计算机终端A可以包括:一个或多个(图中仅示出一个)处理器161、存储器163、以及传输装置165。Optionally, FIG. 16 is a structural block diagram of a computer terminal according to an embodiment of the present invention. As shown in FIG. 16, the computer terminal A may include one or more (only one shown in the figure) processor 161, memory 163, and transmission device 165.
其中,存储器163可用于存储软件程序以及模块,如本发明实施例中的安全漏洞检测方法和装置对应的程序指令/模块,处理器161通过运行存储在存储器163内的软件程序以及模块,从而执行各种功能应用以及数据处理,即实现上述的系统漏洞攻击的检测方法。存储器163可包括高速随机存储器,还可以包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器163可进一步包括相对于处理器161远程设置的存储器,这些远程存储器可以通过网络连接至终端A。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。The memory 163 can be used to store software programs and modules, such as the security vulnerability detection method and the program instruction/module corresponding to the device in the embodiment of the present invention, and the processor 161 executes by executing the software program and the module stored in the memory 163. Various functional applications and data processing, that is, detection methods for implementing the aforementioned system vulnerability attacks. Memory 163 may include high speed random access memory, and may also include non-volatile memory such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory. In some examples, memory 163 can further include memory remotely located relative to processor 161, which can be connected to terminal A over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
上述的传输装置165用于经由一个网络接收或者发送数据。上述的网络具体实例可包括有线网络及无线网络。在一个实例中,传输装置165包括一个网络适配器(Network Interface Controller,NIC),其可通过网线与其他网络设备与路由器相连从而可与互联网或局域网进行通讯。在一个实例中,传输装置165为射频(Radio Frequency,RF)模块,其用于通过无线方式与互联网进行通讯。
The transmission device 165 described above is for receiving or transmitting data via a network. Specific examples of the above network may include a wired network and a wireless network. In one example, the transmission device 165 includes a Network Interface Controller (NIC) that can be connected to other network devices and routers via a network cable to communicate with the Internet or a local area network. In one example, the transmission device 165 is a Radio Frequency (RF) module for communicating with the Internet wirelessly.
其中,具体地,存储器163用于存储预设动作条件和预设权限用户的信息、以及应用程序。Specifically, the memory 163 is configured to store preset action conditions and information of the preset rights user, and an application.
处理器161可以通过传输装置调用存储器163存储的信息及应用程序,以执行下述步骤:获取每个业务网关上的业务传输速率在总业务传输速率中的占比,其中,总业务传输速率为业务网关组中所有业务网关上针对目的地址的传输速率进行取和运算得到;按照占比与带宽确定为业务网关组中各个业务网关重新分配的指定阈值。The processor 161 can call the information and the application stored by the memory 163 through the transmission device to perform the following steps: obtaining the proportion of the service transmission rate on each service gateway in the total service transmission rate, where the total service transmission rate is All the service gateways in the service gateway group are summed with the transmission rate of the destination address; the specified threshold is re-allocated for each service gateway in the service gateway group according to the ratio and bandwidth.
可选的,上述处理器161还可以执行如下步骤的程序代码:按照哈希算法从业务网关组中选择一个业务网关作为指定业务网关。Optionally, the processor 161 may further execute the following program code: select a service gateway from the service gateway group as the designated service gateway according to the hash algorithm.
采用本发明实施例,解决了分布式环境下尚无有效的保证经过多台业务网关的并行限流后的总流量符合预期的阈值的技术方案的技术问题。The technical problem of the technical solution that the total traffic after the parallel traffic limiting of multiple service gateways meets the expected threshold is not solved in the distributed environment.
本领域普通技术人员可以理解,图16所示的结构仅为示意,计算机终端也可以是智能手机(如Android手机、iOS手机等)、平板电脑、掌声电脑以及移动互联网设备(MobileInternetDevices,MID)、PAD等终端设备。图16其并不对上述电子装置的结构造成限定。例如,计算机终端A还可包括比图16中所示更多或者更少的组件(如网络接口、显示装置等),或者具有与图16所示不同的配置。A person skilled in the art can understand that the structure shown in FIG. 16 is only an illustration, and the computer terminal can also be a smart phone (such as an Android mobile phone, an iOS mobile phone, etc.), a tablet computer, an applause computer, and a mobile Internet device (MID). Terminal equipment such as PAD. Fig. 16 does not limit the structure of the above electronic device. For example, computer terminal A may also include more or fewer components (such as a network interface, display device, etc.) than shown in FIG. 16, or have a different configuration than that shown in FIG.
本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步骤是可以通过程序来指令终端设备相关的硬件来完成,该程序可以存储于一计算机可读存储介质中,存储介质可以包括:闪存盘、只读存储器
(Read-Only Memory,ROM)、随机存取器(Random Access Memory,RAM)、磁盘或光盘等。A person of ordinary skill in the art may understand that all or part of the steps of the foregoing embodiments may be completed by a program to instruct terminal device related hardware, and the program may be stored in a computer readable storage medium, and the storage medium may be Including: flash drive, read-only memory
(Read-Only Memory, ROM), Random Access Memory (RAM), disk or optical disk.
实施例8Example 8
本发明的实施例还提供了一种存储介质。可选地,在本实施例中,上述存储介质可以用于保存上述实施例1所提供的业务传输速率的控制方法所执行的程序代码。Embodiments of the present invention also provide a storage medium. Optionally, in this embodiment, the foregoing storage medium may be used to save the program code executed by the control method of the service transmission rate provided in Embodiment 1 above.
可选地,在本实施例中,上述存储介质可以位于计算机网络中计算机终端群中的任意一个计算机终端中,或者位于移动终端群中的任意一个移动终端中。Optionally, in this embodiment, the foregoing storage medium may be located in any one of the computer terminal groups in the computer network, or in any one of the mobile terminal groups.
可选地,在本实施例中,存储介质被设置为存储用于执行以下步骤的程序代码:获取分布式环境中的业务网关组中各个业务网关上报的业务传输速率信息,其中,各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对业务数据的业务传输速率进行限制的网关;业务传输速率信息用于指示每个业务网关上针对目的地址的业务传输速率;对于业务网关组中的每个业务网关,判断业务传输速率信息所指示的业务传输速率是否大于与业务网关对应的限流阈值;在至少一个判断结果为是时,将为各个业务网关分配的限流阈值调整为指定值,得到指定阈值,其中,指定值满足以下条件:各个业务网关上指定值的总和不大于运营商为目的地址分配的带宽;将指定阈值下发给各个业务网关。Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: acquiring service transmission rate information reported by each service gateway in the service gateway group in the distributed environment, where each service gateway a gateway for transmitting service data in parallel to the same destination address, and limiting the service transmission rate of the service data according to the respective current limit thresholds; the service transmission rate information is used to indicate the service transmission rate for the destination address on each service gateway; Each service gateway in the service gateway group determines whether the service transmission rate indicated by the service transmission rate information is greater than a traffic restriction threshold corresponding to the service gateway; and when at least one of the determination results is yes, the traffic restriction is allocated for each service gateway. The threshold is adjusted to the specified value, and the specified threshold is obtained. The specified value meets the following conditions: the sum of the specified values on each service gateway is not greater than the bandwidth allocated by the operator for the destination address; the specified threshold is sent to each service gateway.
此处需要说明的是,上述计算机终端群中的任意一个可以与网站服务
器和扫描器建立通信关系,扫描器可以扫描计算机终端上php执行的web应用程序的值命令。It should be noted here that any one of the above computer terminal groups can be associated with a website service.
The scanner establishes a communication relationship with the scanner, and the scanner can scan the value command of the web application executed by php on the computer terminal.
实施例9Example 9
本发明的实施例可以提供一种计算机终端,该计算机终端可以是与实施例7中所述计算机终端结构相同的终端,但是,功能与实施例7中所述计算机终端实现的功能不同。其具体结构可以参见图16所示,此处不再赘述。The embodiment of the present invention may provide a computer terminal, which may be the same terminal as the computer terminal described in Embodiment 7, but the function is different from that implemented by the computer terminal in Embodiment 7. For the specific structure, refer to FIG. 16 , and details are not described herein again.
在本实施例中,上述计算机终端可以执行业务传输速率的控制方法中以下步骤的程序代码:业务网关组中的各个业务网关接收指定阈值,其中,各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对业务数据的业务传输速率进行限制的网关,指定阈值通过以下方式确定:在业务网关组中任一业务网关上的业务传输速率大于与业务网关对应的限流阈值时,将为各个业务网关分配的限流阈值调整为指定值,得到指定阈值,其中,指定值满足以下条件:各个业务网关上指定值的总和不大于运营商为目的地址分配的带宽;业务网关依据指定阈值对本地的业务数据传输速率进行限制。In this embodiment, the computer terminal may execute the program code of the following steps in the control method of the service transmission rate: each service gateway in the service gateway group receives the specified threshold, where each service gateway transmits the service data in parallel to the same destination address. And the gateway that limits the service transmission rate of the service data according to the respective traffic limiting thresholds, and the specified threshold is determined by: the service transmission rate on any service gateway in the service gateway group is greater than the traffic limiting threshold corresponding to the service gateway. The traffic-limit thresholds that are assigned to the service gateways are adjusted to the specified values, and the specified thresholds are obtained. The specified value meets the following conditions: the sum of the specified values on the service gateways is not greater than the bandwidth allocated by the carrier for the destination address; Limits the local service data transmission rate based on the specified threshold.
其中,图16所示计算机终端中的存储器163可用于存储软件程序以及模块,如本发明实施例中的业务传输速率的控制方法和装置对应的程序指令/模块。The memory 163 in the computer terminal shown in FIG. 16 can be used to store a software program and a module, such as a method for controlling a service transmission rate and a program instruction/module corresponding to the device in the embodiment of the present invention.
处理器161可以通过传输装置调用存储器163存储的信息及应用程序,
以执行下述步骤:业务网关向分布式环境中的集中式控制设备或者业务网关组中的指定业务网关上报本地针对目的地址的业务传输速率。The processor 161 can call the information and the application stored in the memory 163 through the transmission device.
To perform the following steps: the service gateway reports the local service transmission rate to the destination address to the designated service gateway in the centralized control device or the service gateway group in the distributed environment.
可选的,上述处理器161还可以执行如下步骤的程序代码:业务网关获取限流阈值并对业务网关配置限流阈值,其中,业务网关配置的限流阈值与业务网关组中的其它业务网关配置的限流阈值是相等的。Optionally, the processor 161 may further execute the following program code: the service gateway obtains a traffic limiting threshold and configures a traffic limiting threshold for the service gateway, where the traffic limiting threshold configured by the service gateway and other service gateways in the service gateway group are configured. The configured current limit thresholds are equal.
采用本发明实施例,解决了分布式环境下尚无有效的保证经过多台业务网关的并行限流后的总流量符合预期的阈值的技术方案的技术问题。The technical problem of the technical solution that the total traffic after the parallel traffic limiting of multiple service gateways meets the expected threshold is not solved in the distributed environment.
实施例10Example 10
本发明的实施例还提供了一种存储介质。可选地,在本实施例中,上述存储介质可以用于保存上述实施例1所提供的业务传输速率的控制方法所执行的程序代码。Embodiments of the present invention also provide a storage medium. Optionally, in this embodiment, the foregoing storage medium may be used to save the program code executed by the control method of the service transmission rate provided in Embodiment 1 above.
可选地,在本实施例中,上述存储介质可以位于计算机网络中计算机终端群中的任意一个计算机终端中,或者位于移动终端群中的任意一个移动终端中。Optionally, in this embodiment, the foregoing storage medium may be located in any one of the computer terminal groups in the computer network, or in any one of the mobile terminal groups.
可选地,在本实施例中,存储介质被设置为存储用于执行以下步骤的程序代码:业务网关组中的各个业务网关接收指定阈值,其中,各个业务网关为向同一目的地址并行传输业务数据,并依据各自的限流阈值对业务数据的业务传输速率进行限制的网关,指定阈值通过以下方式确定:在业务网关组中任一业务网关上的业务传输速率大于与业务网关对应的限流
阈值时,将为各个业务网关分配的限流阈值调整为指定值,得到指定阈值,其中,指定值满足以下条件:各个业务网关上指定值的总和不大于运营商为目的地址分配的带宽;业务网关依据指定阈值对本地的业务数据传输速率进行限制。Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: each service gateway in the service gateway group receives a specified threshold, wherein each service gateway transmits the service in parallel to the same destination address. The data, and the gateway that limits the service transmission rate of the service data according to the respective traffic limiting thresholds, the specified threshold is determined by: the service transmission rate on any service gateway in the service gateway group is greater than the traffic restriction corresponding to the service gateway.
When the threshold is set, the traffic-limit thresholds that are assigned to the service gateways are adjusted to the specified values, and the specified thresholds are obtained. The specified value meets the following conditions: the sum of the specified values on the service gateways is not greater than the bandwidth allocated by the carrier for the destination address; The gateway limits the local service data transmission rate according to the specified threshold.
此处需要说明的是,上述计算机终端群中的任意一个可以与网站服务器和扫描器建立通信关系,扫描器可以扫描计算机终端上php执行的web应用程序的值命令。It should be noted here that any one of the above computer terminal groups can establish a communication relationship with the website server and the scanner, and the scanner can scan the value command of the web application executed by php on the computer terminal.
上述本发明实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the embodiments of the present invention are merely for the description, and do not represent the advantages and disadvantages of the embodiments.
在本发明的上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。In the above-mentioned embodiments of the present invention, the descriptions of the various embodiments are different, and the parts that are not detailed in a certain embodiment can be referred to the related descriptions of other embodiments.
在本申请所提供的几个实施例中,应该理解到,所揭露的业务网关,可通过其它的方式实现。其中,以上所描述的装置实施例仅仅是示意性的,例如单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,单元或模块的间接耦合或通信连接,可以是电性或其它的形式。In the several embodiments provided by the present application, it should be understood that the disclosed service gateway can be implemented in other manners. The device embodiments described above are merely illustrative. For example, the division of a unit is only a logical function division. In actual implementation, there may be another division manner. For example, multiple units or components may be combined or may be integrated into Another system, or some features can be ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, unit or module, and may be electrical or otherwise.
作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分
或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. You can choose some of them according to your actual needs.
Or all units to achieve the purpose of the solution of the embodiment.
另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可为个人计算机、服务器或者网络设备等)执行本发明各个实施例方法的全部或部分步骤。而前述的存储介质包括:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。An integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, can be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium. A number of instructions are included to cause a computer device (which may be a personal computer, server or network device, etc.) to perform all or part of the steps of the various embodiments of the present invention. The foregoing storage medium includes: a U disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, and the like. .
以上仅是本发明的优选实施方式,应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以做出若干改进和润饰,这些改进和润饰也应视为本发明的保护范围。
The above is only a preferred embodiment of the present invention, and it should be noted that those skilled in the art can also make several improvements and retouchings without departing from the principles of the present invention. These improvements and retouchings should also be considered. It is the scope of protection of the present invention.